Date: Thu, 15 Oct 2015 16:39:32 +0200 From: =?UTF-8?Q?Roger_Pau_Monn=c3=a9?= <roger.pau@citrix.com> To: Andreas Pflug <pgadmin@pse-consulting.de>, <xen-users@lists.xen.org> Cc: FreeBSD XEN <freebsd-xen@freebsd.org> Subject: Re: [Xen-users] forcing HVM to specific network model with PV-aware FreeBSD DomU Message-ID: <561FBAA4.50700@citrix.com> In-Reply-To: <561F8065.5000807@pse-consulting.de> References: <561F8065.5000807@pse-consulting.de>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello, Adding the freebsd-xen mailing list since somebody might be able to provide better advice than me regarding network stuff. El 15/10/15 a les 12.31, Andreas Pflug ha escrit: > Hi! > > For quite a while, I've been running several pfSense firewall DomUs up > to version 2.15 on Xen. Since the FreeBSD kernel 8.3 of pfSense wasn't > xen-aware the model e1000 was used, and I had all networking features as > expected though performance was degraded. > > When the new pfSense 2.2 was introduced, the kernel changed to FreeBSD > 10.1 which now (finally!) includes a xen netfront driver, promising a > vastly improved performance. Unfortunately, its implementation is quite > sketchy: > - offloading issues, which can be worked around by disabling tx > offloading using a custom vif-script Is this related to the long-standing pf+TSO issues? There's a recent commit that should solve it: https://svnweb.freebsd.org/base?view=revision&revision=289316 There seems to be plans to issue an EN for that one, so you might be able to get it by just using freebsd-update (or whatever pfSense uses) without having to wait for a new stable release. > - VLANs are not supported. Can be achieved with multiple bridges in > Dom0, if 8 are enough. If you need more, you're out of luck. > - ALTQ not supported. No known workaround, preventing any traffic shaping. Sadly I'm not aware of anyone working on this two items. Any pickers? > On the FreeBSD side, it is said that the xn xen netfront driver can't be > disabled at boot time, unless a custom kernel is built (certainly not > desirable regarding security updates), so: > > How can I disable xen-netback drivers for a specific HVM? It should > respect the "model=e1000" setting (or maybe virtio?). I'm running Xen > 4.4 on Debian. I've recently committed a patch to HEAD in order to disable PV nics or disks on request: https://svnweb.freebsd.org/base?view=revision&revision=286999 I will backport it to stable-10 soon to make sure it's on the next stable release (FreeBSD 10.3). Apart from that, there's not much we can do now. Roger.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?561FBAA4.50700>